Laravel API Endpoints is a powerful starter kit built on Laravel Sanctum, providing ready-to-use authentication, account management, and API key features for any Laravel-based application. It’s designed to integrate seamlessly with the sveltekit-dashboard-starter, offering a smooth full-stack experience.
This package encompasses a range of features, including but not limited to:
- User registration via email and password.
- Email verification (including re-verification for new email updates).
- Secure login.
- Password reset using email-based token.
- Multi-device authentication support.
- Generate, regenerate, and revoke API keys.
- Profile management (update email, change password, manage account status).
- Active device tracking and logout from all devices.
- RESTful responses with localization support.
- Throttle protection and API key middleware for security.
It includes the following endpoints:
| Details | Method | API Endpoint |
|---|---|---|
| Registration | POST | /api/register |
| Login | POST | /api/login |
| Email verification | GET | /api/verify-email/{id}/{hash} |
| Verify new email | GET | /api/verify-new-email |
| Request password reset | POST | /api/password/forgot |
| Reset password | POST | /api/password/reset/{token} |

| Details | Method | API Endpoint |
|---|---|---|
| Resend email verification link | POST | /api/resend-verification-email |
| Logout | POST | /api/logout |
| Logout from all devices | POST | /api/logout-all |
| Dashboard | GET | /api/dashboard |
| Active devices | GET | /api/active-device |
| ↪ API Key Management | | |
| List API keys | GET | /api/keys |
| Create API key | POST | /api/keys |
| Regenerate API key | PATCH | /api/keys/{id} |
| Delete API key | DELETE | /api/keys/{id} |
| ↪ Account Management | | |
| Get profile | GET | /api/account |
| Update email | PATCH | /api/account/email |
| Update password | POST | /api/account/password |
| Update account status | PATCH | /api/account/{status} |

- All endpoints are prefixed with `/api`.
- All endpoints require the following request headers:

  ```json
  { "Content-Type": "application/json", "Accept": "application/json" }
  ```

- All authenticated endpoints require a valid Sanctum API token in the `Authorization` header.

  ```
  Authorization: Bearer <SANCTUM_TOKEN>
  ```

These endpoints are accessible without authentication and are subject to a strict rate limit.
Creates a new user account and sends an email verification link.
Method: POST
Endpoint: /api/register
Request Body

```json
{
  "name": "John Doe",
  "email": "user@example.com",
  "password": "password123",
  "password_confirmation": "password123"
}
```

Response (201 Created)

```json
{
  "success": true,
  "message": "Account created successfully! Please check your email to verify your account.",
  "data": {
    "user": {
      "id": 2,
      "name": "John Doe",
      "email": "user@example.com",
      "profile": null
    },
    "token": "1|lAdHhXEP5iQfh0v29DnEqVwbWzfolFGdU6dnP3rB52fe74a7"
  },
  "errors": []
}
```

Authenticates a user and returns a Sanctum API token.
Method: POST
Endpoint: /api/login
Request Body

```json
{
  "email": "user@example.com",
  "password": "password123"
}
```

Response (200 OK)

```json
{
  "success": true,
  "message": "Login successful!",
  "data": {
    "user": {
      "id": 2,
      "name": "John Doe",
      "email": "user@example.com",
      "profile": {
        "profile_picture": "profiles/default.png",
        "mobile": "+8801712345678",
        "address": "House 123, Road 4, Dhaka, Bangladesh",
        "dob": "1990-01-01",
        "gender": "male",
        "bio": "This is a sample bio for user 1."
      }
    },
    "token": "1|lAdHhXEP5iQfh0v29DnEqVwbWzfolFGdU6dnP3rB52fe74a7"
  },
  "errors": []
}
```

Verifies the user's email address using the ID and hash from the verification link.
Method: GET
Endpoint: /api/verify-email/{id}/{hash}
URL structure:
/api/verify-email/2/<HASH>?expires=<TIMESTAMP>&signature=<ENCRYPTED>
Response (200 OK)

```json
{
  "success": true,
  "message": "Your email has been successfully verified!",
  "data": null,
  "errors": []
}
```

Verifies the user's new email address whenever the user updates or changes their email, using the ID and hash from the verification link.
Method: GET
Endpoint: /api/verify-new-email
URL structure:
/api/verify-new-email?expires=<TIMESTAMP>&user=<USER ID>&signature=<ENCRYPTED>
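
Both verification links above carry `expires` and `signature` query parameters. The following added example (not code from this package) models how such a link is checked, assuming the package uses Laravel's signed-route scheme, where `signature` is an HMAC-SHA256 over the rest of the URL rather than encrypted data; the key, host, hash and timestamp are constructed.

```javascript
// Added example: model of a Laravel-style signed-URL check. Assumption: the
// verification links are Laravel signed routes (HMAC-SHA256 keyed with APP_KEY).
const crypto = require('node:crypto');

const hmac = (key, msg) =>
  crypto.createHmac('sha256', key).update(msg).digest('hex');

// Issue a link: the MAC covers the path and every query parameter but itself.
function signUrl(url, key) {
  return url + (url.includes('?') ? '&' : '?') + 'signature=' + hmac(key, url);
}

// Validate a link; returns 'ok', 'expired' or 'bad-signature'.
function checkSignedUrl(url, key, nowSeconds) {
  const [base, query = ''] = url.split('?');
  const params = query.split('&').filter(Boolean);
  const unsigned = params.filter((p) => !p.startsWith('signature='));
  const original = unsigned.length ? `${base}?${unsigned.join('&')}` : base;
  const given = (params.find((p) => p.startsWith('signature=')) || '').slice(10);

  // Constant-time compare; timingSafeEqual throws on unequal lengths, so
  // reject those first.
  const a = Buffer.from(given);
  const b = Buffer.from(hmac(key, original));
  if (a.length !== b.length || !crypto.timingSafeEqual(a, b)) return 'bad-signature';

  // Expiry is only trusted after the MAC has verified it.
  const expires = new URLSearchParams(unsigned.join('&')).get('expires');
  if (expires && nowSeconds > Number(expires)) return 'expired';
  return 'ok';
}

// Constructed sample data: demo key, host, hash and timestamp are made up.
const DEMO_KEY = 'constructed-demo-key';
const EXPIRES = 1760000000;
const verifyLink = signUrl(
  `https://api.example.test/api/verify-email/2/0a1b2c3d?expires=${EXPIRES}`, DEMO_KEY);
const newEmailLink = signUrl(
  `https://api.example.test/api/verify-new-email?expires=${EXPIRES}&user=2`, DEMO_KEY);

console.log(checkSignedUrl(verifyLink, DEMO_KEY, EXPIRES - 60));
console.log(checkSignedUrl(verifyLink, DEMO_KEY, EXPIRES + 60));
console.log(checkSignedUrl(newEmailLink.replace('user=2', 'user=7'), DEMO_KEY, EXPIRES - 60));
```
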
Response (200 OK)

```json
{
  "success": true,
  "message": "Email verified and updated successfully.",
  "data": null,
  "errors": []
}
```

Sends a password reset link to the user's email address.
Method: POST
Endpoint: /api/password/forgot
Request Body

```json
{
  "email": "user@example.com"
}
```

Response (200 OK)

```json
{
  "success": true,
  "message": "A password reset link has been sent to your email address.",
  "data": null,
  "errors": []
}
```

Sets a new password using the token from the password reset email.
Method: POST
Endpoint: /api/password/reset/{token}
Request Body

```json
{
  "email": "test@example.com",
  "password": "password2",
  "password_confirmation": "password2",
  "token": "<TOKEN FROM THE URL>"
}
```

Response (200 OK)

```json
{
  "success": true,
  "message": "Password updated successfully! You can now log in with your new password.",
  "data": null,
  "errors": []
}
```

The routes below are authenticated and require a valid Sanctum API token in the `Authorization` header.

```
Authorization: Bearer <SANCTUM_TOKEN>
```

Sends a new email verification link to the authenticated user.
Method: POST
Endpoint: /api/resend-verification-email
Response (200 OK)

```json
{
  "success": true,
  "message": "An email verification link has been sent to your inbox. Please check your email and follow the instructions to complete the verification process.",
  "data": null,
  "errors": []
}
```

Revokes the token that was used to authenticate the current request.
Method: POST
Endpoint: /api/logout
Response (200 OK)

```json
{
  "success": true,
  "message": "Logged out successfully!",
  "data": null,
  "errors": []
}
```

Revokes all tokens associated with the authenticated user.
Method: POST
Endpoint: /api/logout-all
Response (200 OK)

```json
{
  "success": true,
  "message": "Logged out successfully from all devices!",
  "data": null,
  "errors": []
}
```

Lists all active sessions/tokens for the current user.
Method: GET
Endpoint: /api/active-device
Response (200 OK)

```json
{
  "success": true,
  "message": "Active devices!",
  "data": [
    {
      "id": 1,
      "name": "Web API",
      "attributes": {
        "mac": "XX-XX-XX-XX-XX-XX Media disconnected",
        "browser": false,
        "platform": false,
        "ip_address": "127.0.0.1",
        "device_name": "Desktop"
      },
      "last_used_at": "2025-10-08T06:00:22.000000Z",
      "created_at": "2025-10-08T05:34:44.000000Z"
    }
  ],
  "errors": []
}
```

These endpoints require the user to be authenticated and email-verified.
Retrieves the profile information of the authenticated user.
Method: GET
Endpoint: /api/account
Response (200 OK)

```json
{
  "success": true,
  "message": "User profile details!",
  "data": {
    "id": 1,
    "name": "Test User",
    "email": "test@example.com",
    "profile": {
      "profile_picture": "profiles/default.png",
      "mobile": "+8801712345678",
      "address": "House 123, Road 4, Dhaka, Bangladesh",
      "dob": "1990-01-01",
      "gender": "male",
      "bio": "This is a sample bio for user 1.",
      "other_profile_info": "data.."
    }
  },
  "errors": []
}
```

Updates the user's email address. A new verification link will be sent to the new email.
Method: PATCH
Endpoint: /api/account/email
Request Body

```json
{
  "email": "new.email@example.com",
  "password": "password123"
}
```

Response (200 OK)

```json
{
  "success": true,
  "message": "Email updated. Please check your new inbox to verify the address.",
  "data": null,
  "errors": []
}
```

Updates the user's password.
Method: POST
Endpoint: /api/account/password
Request Body

```json
{
  "current_password": "password",
  "new_password": "newStrongPassword456",
  "new_password_confirmation": "newStrongPassword456"
}
```

Response (200 OK)

```json
{
  "success": true,
  "message": "Your password has been updated successfully.",
  "data": null,
  "errors": []
}
```

Changes the user's account status.
Method: PATCH
Endpoint: /api/account/{status}
Response (200 OK)

```json
{
  "success": true,
  "message": "Account inactivated successfully!",
  "data": null,
  "errors": []
}
```

The message displayed depends on the status.

Endpoints for managing user-generated API keys.
Creates a new API key.
Important: The `plain_text_token` is only returned once upon creation. Store it securely.
Method: POST
Endpoint: /api/keys
Request

```json
{
  "name": "Website API"
}
```

Response (201 Created)

```json
{
  "success": true,
  "message": "API key created successfully. Store this token securely as it will not be shown again.",
  "data": {
    "id": 1,
    "name": "Website API",
    "key": "9QYu1EUfFDhRHUG2B8Ac3FtvxqXHAsDr",
    "secret": "hPNjZskLfkqGt1uvute2mV9Td1ymjRhsmwYze3zvZGY3xm5t8f50q7X3nsEKSWQc",
    "expires_at": "2026-01-09T21:24:48.000000Z"
  },
  "errors": []
}
```

Retrieves all API keys belonging to the user.
Method: GET
Endpoint: /api/keys
Response (200 OK)

```json
{
  "success": true,
  "message": "All API keys of the user!",
  "data": [
    {
      "id": 1,
      "name": "Website API",
      "key": "aBUaIu0g6vYSk8SKU96v3nCmSioLEVLb",
      "expires_at": "2026-01-10T05:43:31.000000Z",
      "created_at": "2025-10-12T05:43:31.000000Z"
    },
    {
      "id": 2,
      "name": "Mobile APP",
      "key": "SKUnCmSiu96oLEVLbaBUaIv30g6vYSk8",
      "expires_at": "2026-01-10T05:43:42.000000Z",
      "created_at": "2025-10-12T05:43:42.000000Z"
    }
  ],
  "errors": []
}
```

Generates a new token for an existing API key.
Method: PATCH
Endpoint: /api/keys/{id}
Response (200 OK)

```json
{
  "success": true,
  "message": "API key regenerated successfully!",
  "data": {
    "key": "hRHUG2B8AsDc3F9QYutvxqXHAr1EUfFD",
    "secret": "gqLskXhXjcpBT3aIPu8y6GbmlKsuJiONNoW03SlU6ByIbP489VOFzbIogGe3WUm7",
    "abilities": null
  },
  "errors": []
}
```

Deletes an API key.
Method: DELETE
Endpoint: /api/keys/{id}
Response (200 OK)

```json
{
  "success": true,
  "message": "API key revoked successfully!",
  "data": null,
  "errors": []
}
```

Code and documentation copyright 2022 M B Parvez and Gosoft. Code released under the MIT License.